A Study of Ransomware Detection and Prevention at Organizations
Total Page:16
File Type:pdf, Size:1020Kb
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 07 | July 2020 www.irjet.net p-ISSN: 2395-0072 A Study of Ransomware Detection and Prevention at Organizations Saurabh Kumar Sen1, Nidhi Chourey2 Saurabh Kumar Sen, Department of Information Technology (Cyber security), Vikrant Institute of Technology and Management, Indore (M.P) India. Nidhi Chourey, Professor, Dept. of Information Technology, Vikrant Institute of Technology and Management, Indore (M.P) India. ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - Today ransomware has a serious threat to But, a ransomware attack in two ways. It either locks the the online world. Most of the software firms, universities, computer screen or encrypts certain records with a companies, and organizations in the world are trying to secret passwords. take alert decisions to save from ransomware attacks. A The ransomware is partitioned into two types: Lock joint statement was issued by both governments of the Screen Ransomware and Encryption Ransomware United States and about ransomware attacks insistence users to stay alert and take precautions. Recently on May Lock screen ransomware locks system and demands a 19th, 2017, the Swiss government observed the ransom for letting you access it once again. The second Ransomware Info Day, to spread awareness regarding type, i.e. the Encryption ransomware, modify the files in ransomware and its effects. Ransomware in India as well your system and demands a ransom to decrypt them is on the rise. again. The other types of ransomware are: Even expert computer users can be hit and be afflicted by ransomware attacks. In this case, awareness is very 1. Master Boot Record (MBR) ransomware. beneficial [8]. This study lays the foundation for additional 2. Ransomware encrypting web servers. research to find solutions to the ransomware attack problem at organizations. IT security experts and 3. Android mobile device ransomware. Researchers are aware of chart representations to depict 4. IoT Ransomware. cycles. This paper puts the problem that is faced by organizations on similar representation to show the work Microsoft distributed information specifying how of ransomware. Through combining research, illustrating numerous machines (clients) were influenced by the personal experience of a ransomware attack, Cyber ransomware assaults over the world. It was found that Security tool experience and graphically representing the the United States was on the best of Ransomware work of ransomware, society at large will be better assaults. Here are the top 20 countries that are majority informed about the risk of a ransomware attack. affected by ransomware attacks. Countries Machine count Key Words:- Ransomware, Vulnerability, Malware, U.S 320948 Encryption, Decryption, Wannacry, Eternal Blue, Italy 78948 Machine Learning, Symantec, Trend Micro. Canada 45840 U.K 38068 1. INTRODUCTION Spain 35992 Turkey 32714 A Ransomware is a type of malware that locks your files, Australia 25949 data or the pc itself and extorts money from you to Brazil 24953 provide access. This can be another way for malware Taiwan 20448 developers to 'collect funds' for their ill-conceived Germany 19984 Republic of Korea 19842 exercises on the web. Once ransomware contaminates a Netherlands 18594 network device, it begins scrambling records, organizers, Mexico 16525 and whole hard drives partitions utilizing encryption Russian Federation 13980 algorithms like RSA or RC4. India 13783 Types of Ransomware attacks Korea 13347 South Africa 10830 Ransomware used to display a message or Readme text Romania 10220 stating that the user has done something criminal Japan 9738 activities and they are being fined by the police or the government agency based on cyber policy. To get rid of these false 'charges', users were asked to pay these fines. © 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 4686 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 07 | July 2020 www.irjet.net p-ISSN: 2395-0072 Examples: Table 1: The list of ransomware families, different families and Propagation Strategies. 1. Advanced ransomware like Spore, WannaCrypt (moreover known as WannaCry). And Petya PROPAGATION (moreover known as NotPetya) spread to other FAMILIES STRTEGIES computers through network shares or exploits. Spora drops ransomware duplicates in WANNACRY Samba Vulnerability organizing shares. SHADE Spam Email 2. WannaCrypt abuses the Server Message Block (SMB) Powerlessness CVE-2017-0144 (too Word Document called Eternal Blue) to contaminate other JIGSAW with Javascript computers [10]. 3. A kind of ransomware family petya exploits the SATANA E-mail Attachments same vulnerability, in addition to CVE-2017- Link in an E-mail 0145 (also known as Eternal Blue), and stolen indicating to be a job credentials to move across networks. PETYA application Older ransomware like Reveton locks screens rather Compromised than scrambling files. The attacker shows a full-screen websites and e-mail picture approximately ransom attack and disable Task CERBER attachments Manager. During this, Records are secure but viably blocked off. The picture contains a message claiming to CRYPTOMIX Spear phishing Email be from law requirement that illuminates the computer CTB-LOCKER Email attachments has been utilized in unauthorized cybercriminal activities and must be paid. Because of this, Reveton is Compromised nickname "police Trojan" or "Police ransomware". websites and email Ransomware family-like Cerber and Locky encrypt TELSACRYPTO attachments specific file types, typically media and document files. Compromised After completion of encryption, the malware displays a websites and e-mail ransom note using text, image, or an HTML file with the FILECRYPTO attachments information to pay a ransom to decrypt files. Compromised Awful Rabbit ransomware was found endeavoring to websites and email spread over systems utilizing hardcoded usernames and CRYPTOWALL attachments passwords in brute force attacks. Compromised websites and e-mail APPEARED YEAR CRYPTOLOCKER attachments GpCODE Email attachments 2018 2016 Accused of illegal 2014 REVETON activities 2012 2010 2008 In India, around 67 percent of the surveyed entities were hit by ransomware last year. Around 37 incidents of ransomware attacks were reported to the Indian Computer Emergency Response Team (CERT-In). Of these, 34 incidents were found of WannaCry and Petya ransomware. WannaCry ransomware attacks were to Figure 1.Ransomware attack with appeared year begin with Detailed on 12th May 2017 and Petya on 27th June 2017. Note that add up to no. of ransomware Above appeared ransomware families have different occurrence has been detailed to CERT-In within the propagation strategies. The propagation strategies are past: the way and method of ransomware propagation in a particular organization. Below the table of ransomware 2015:2 propagation strategies. 2016:26 2017 (till June):37 © 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 4687 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 07 | July 2020 www.irjet.net p-ISSN: 2395-0072 More than 27,000 cybersecurity risk occurrences within preventing the specific payload of ransomware from the to begin with half of 2017 alone detailed by CERT-In entering the computer... [3]. These incorporate extend of threats like phishing Machine learning algorithms for ransomware attacks, websites intrusions and defacements or harms identification can be used as a proactive method for to information as well as ransomware attacks. As per combating ransomware threats, regardless of whether CERT-In's data, the number of cybersecurity incidents they are designed for PCs, mobile devices or even IoTs. reported in the past 3 years: The main advantage of machine learning is that it can be 2017:44,679 used as a tool to increase established safety layers, giving 2015:49,455 them proactivity, effectiveness and efficiency. 2016:50,362 Ransomware remains here: protection is the same. It is 2017 (till June): 27,482 highly unlikely that ransomware will soon go away, Machine learning particularly because digitalization has resulted in increased interconnectivity between systems. With a Machine learning is a form of artificial intelligence (AI) proven and tested business model and financial gains in which gives systems the ability to learn and improve the billions of dollars, ransomware is likely the biggest automatically from experience without explicit mass-market threat to both end-users and organizations. programming. ML focuses on designing Scripts, However, machine learning algorithms can augment all computer programs that are able to access and use data security layers to detect and plug threats at pre- to think for themselves. execution, on-execution, and post-execution, making The method of learning begins with observations or ransomware less of threats and more of a nuisance. information, such as cases, direct experience, or instruction, to search for designs in information and 2. LITERATURE REVIEW make better choices within the future based on the cases that we offer. The essential point is to permit the According to the review literature about Ransomware, a computers to memorize consequently without human brief history of how it works